diff options
Diffstat (limited to 'pkgs/os-specific')
6 files changed, 54 insertions, 42 deletions
diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index db7ff9c912a..411a88d9293 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.10.1"; + version = "5.10.2"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0p2fl7kl4ckphq17xir7n7vgrzlhbdqmyd2yyp4yilwvih9625pd"; + sha256 = "18l1ywp99inm90434fm74w8rjfl4yl974kfcpizg2sp2p8xf311v"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index cee3d136d6d..0d504ff334a 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.84"; + version = "5.4.85"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "058mhczv6whjwxn7jjh1c6n5zrqjdnvbl2mp7jkfrg6frpvgr189"; + sha256 = "0220k327aa7gg48fqw171mcng8h717c4a1v14r3q36ksirnmiqqx"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.9.nix b/pkgs/os-specific/linux/kernel/linux-5.9.nix index 9e740c0c2a6..39cc9c56c5f 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.9.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.9.15"; + version = "5.9.16"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1vhaayqjv1ha3nsxy9zbsz497ba4d4a1g0gfhgxcvci8dp8djh2p"; + sha256 = "11mbnjvb5d5gwbrwlkqvzpg1ij4m19l5wr3wca9iiyg5i2papmxh"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index dfb4cb9cc86..07a74c10771 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.1-rt19"; # updated by ./update-rt.sh + version = "5.10.1-rt20"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -25,7 +25,7 @@ in buildLinux (args // { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0hihi7p866alh03ziz8q1l0p3sxi437h4a45c5dlv9lrg6f177qb"; + sha256 = "0z8ljfcn908hzjl11fkmwrx2r7j0hcgpx07g21ag162qrn6g5qby"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix index 3ab1ae28a7b..b8cdda5a69a 100644 --- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix +++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix @@ -1,46 +1,52 @@ -{ stdenv, fetchpatch, fetchurl, pam, openssl, perl }: +{ stdenv, fetchpatch, fetchFromGitHub, pam, openssl, perl }: stdenv.mkDerivation rec { - name = "pam_ssh_agent_auth-0.10.3"; + pname = "pam_ssh_agent_auth"; + version = "0.10.4"; - src = fetchurl { - url = "mirror://sourceforge/pamsshagentauth/${name}.tar.bz2"; - sha256 = "0qx78x7nvqdscyp04hfijl4rgyf64xy03prr28hipvgasrcd6lrw"; + src = fetchFromGitHub { + owner = "jbeverly"; + repo = "pam_ssh_agent_auth"; + rev = "pam_ssh_agent_auth-${version}"; + sha256 = "YD1R8Cox0UoNiuWleKGzWSzxJ5lhDRCB2mZPp9OM6Cs="; }; - patches = - [ # Allow multiple colon-separated authorized keys files to be - # specified in the file= option. - ./multiple-key-files.patch - (fetchpatch { - name = "openssl-1.1.1-1.patch"; - url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch"; - sha256 = "1ndp5j4xfhzshhnl345gb4mkldx6vjfa7284xgng6ikhzpc6y7pf"; - }) - (fetchpatch { - name = "openssl-1.1.1-2.patch"; - url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch"; - sha256 = "0ksrs4xr417by8klf7862n3dircvnw30an1akq4pnsd3ichscmww"; - }) - ]; + ed25519-donna = fetchFromGitHub { + owner = "floodyberry"; + repo = "ed25519-donna"; + rev = "8757bd4cd209cb032853ece0ce413f122eef212c"; + sha256 = "ETFpIaWQnlYG8ZuDG2dNjUJddlvibB4ukHquTFn3NZM="; + }; buildInputs = [ pam openssl perl ]; - # It's not clear to me why this is necessary, but without it, you see: - # - # checking OpenSSL header version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019) - # checking OpenSSL library version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019) - # checking whether OpenSSL's headers match the library... no - # configure: WARNING: Your OpenSSL headers do not match your - # library. Check config.log for details. - # - # ...despite the fact that clearly the values match - configureFlags = [ "--without-openssl-header-check" ]; + patches = [ + # Allow multiple colon-separated authorized keys files to be + # specified in the file= option. + ./multiple-key-files.patch + ]; + + configureFlags = [ + # It's not clear to me why this is necessary, but without it, you see: + # + # checking OpenSSL header version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020) + # checking OpenSSL library version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020) + # checking whether OpenSSL's headers match the library... no + # configure: WARNING: Your OpenSSL headers do not match your + # library. Check config.log for details. + # + # ...despite the fact that clearly the values match + "--without-openssl-header-check" + # Make sure it can find ed25519-donna + "--with-cflags=-I$PWD" + ]; + + prePatch = "cp -r ${ed25519-donna}/. ed25519-donna/."; enableParallelBuilding = true; meta = { - homepage = "http://pamsshagentauth.sourceforge.net/"; + homepage = "https://github.com/jbeverly/pam_ssh_agent_auth"; description = "PAM module for authentication through the SSH agent"; maintainers = [ stdenv.lib.maintainers.eelco ]; platforms = stdenv.lib.platforms.linux; diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch b/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch index 190325251c9..71d8e08ecd0 100644 --- a/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch +++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch @@ -87,21 +87,27 @@ diff -u pam_ssh_agent_auth-0.10.3-orig/pam_ssh_agent_auth.c pam_ssh_agent_auth-0 /* * PAM_USER and PAM_RUSER do not necessarily have to get set by the calling application, and we may be unable to divine the latter. -@@ -187,16 +184,17 @@ +@@ -184,5 +181,5 @@ */ if(user && strlen(ruser) > 0) { - pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); + pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file_input); +@@ -201,3 +197,3 @@ + retval = PAM_SUCCESS; +- pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file); ++ pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file_input); + +@@ -211,11 +208,12 @@ /* * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user */ - if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */ -- pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file); +- pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file); + const char *key_file; + if((key_file = pamsshagentauth_find_authorized_keys(user, ruser, servicename))) { /* getpwnam(ruser)->pw_uid)) { */ -+ pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, key_file); ++ pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, key_file); retval = PAM_SUCCESS; } else { - pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); |